75d1956af5b4954c6c6336cd898db3ea85cd7987b1786b0c4e3cd64f7be7aee4

Analysis

max time kernel
40s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
22-12-2022 19:11

Target

YouContractChanges/YouNewRules.dll
Size

516KB
MD5

934ce14971f8b392035091f6c4b8359b
SHA1

1c64dc1cf040e89834a787722ed49367d515184c
SHA256

0e1f44187d73e706600e63c7ffb8132be360e44962a4f6ef2e34f53cdd8681b2
SHA512

0cc8d1645913f8a44cfd7d7f5a1e83f5416637f62ce54cf07fee88673d81c567598633dac60dcc38484a12cb4f3a329326690b642e01e6a7ced4824a7ac3e147
SSDEEP

6144:wiIqnct7uycRpLrFPQleGc2BpeQvfTiD3MJIyFX+OwjzK9y9KOc6rXPMATcBu:wihnctArBgRprvbiIIAuz19nTMAgc

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1132 wrote to memory of 1172	1132	rundll32.exe	rundll32.exe
PID 1132 wrote to memory of 1172	1132	rundll32.exe	rundll32.exe
PID 1132 wrote to memory of 1172	1132	rundll32.exe	rundll32.exe
PID 1132 wrote to memory of 1172	1132	rundll32.exe	rundll32.exe
PID 1132 wrote to memory of 1172	1132	rundll32.exe	rundll32.exe
PID 1132 wrote to memory of 1172	1132	rundll32.exe	rundll32.exe
PID 1132 wrote to memory of 1172	1132	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\YouContractChanges\YouNewRules.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1132

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\YouContractChanges\YouNewRules.dll,#1
2⤵
PID:1172

memory/1172-54-0x0000000000000000-mapping.dmp

Download
memory/1172-55-0x0000000075561000-0x0000000075563000-memory.dmp

Filesize
8KB

Download